{"id":19287905,"url":"https://github.com/gunjankadu/spring-security-boilerplate","last_synced_at":"2026-04-11T20:40:10.953Z","repository":{"id":106041509,"uuid":"265943203","full_name":"GunjanKadu/Spring-Security-BoilerPlate","owner":"GunjanKadu","description":"Boiler Plate For Spring Security","archived":false,"fork":false,"pushed_at":"2020-05-29T15:48:46.000Z","size":1983,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-23T23:28:10.794Z","etag":null,"topics":["jpa","jwt","jwt-authentication","mysql","spring-security"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GunjanKadu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-21T20:17:07.000Z","updated_at":"2021-04-06T11:12:51.000Z","dependencies_parsed_at":"2024-06-29T08:49:48.336Z","dependency_job_id":null,"html_url":"https://github.com/GunjanKadu/Spring-Security-BoilerPlate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/GunjanKadu/Spring-Security-BoilerPlate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GunjanKadu%2FSpring-Security-BoilerPlate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GunjanKadu%2FSpring-Security-BoilerPlate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GunjanKadu%2FSpring-Security-BoilerPlate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GunjanKadu%2FSpring-Security-BoilerPlate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GunjanKadu","download_url":"https://codeload.github.com/GunjanKadu/Spring-Security-BoilerPlate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GunjanKadu%2FSpring-Security-BoilerPlate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001100,"owners_count":26082991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jpa","jwt","jwt-authentication","mysql","spring-security"],"created_at":"2024-11-09T22:07:33.533Z","updated_at":"2025-10-09T08:22:34.474Z","avatar_url":"https://github.com/GunjanKadu.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch2 align =\"center\"\u003eSpring Security\u003c/h2\u003e\n\n\u003ch2 align =\"center\"\u003e 5 Core Concepts of Spring Security\u003c/h2\u003e\n\n\u003ch3 align=\"center\"\u003e\u003cstrong\u003e\u003cli\u003eAUTHENTICATION\u003c/strong\u003e - Who Are You ?\u003c/l1\u003e\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eKnowledge Based Authentication\u003c/strong\u003e - Authentication depending on username and password which is a type of knowledge you have \u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePossesive Authentication\u003c/strong\u003e - OTP, Text Messages on your phone \u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eMulti Factor or 2 Factor Authentication\u003c/strong\u003e - Knowledge Based + Possesive Authentication \u003c/p\u003e\n\u003cbr/\u003e\n\u003ch3 align=\"center\"\u003e\u003cstrong\u003e\u003cli\u003eAUTHORIZATION\u003c/strong\u003e - I know who you are but are you allowed to do that ?\u003c/h3\u003e\u003c/li\u003e\n\u003cbr/\u003e\n\u003ch3 align=\"center\"\u003e\u003cstrong\u003e\u003cli\u003ePRINCIPAL\u003c/strong\u003e - The Currently Logged in user or the user with the particular account\u003c/li\u003e\u003c/h3\u003e\n\u003cbr/\u003e\n\u003ch3 align=\"center\"\u003e\u003cstrong\u003e\u003cli\u003eAUTHORITIES/PERMISSIONS/GRANTED AUTHORITY\u003c/strong\u003e\u003c/l1\u003e \u003c/h3\u003e\n\u003cp\u003ePermissions allowed for a specific users and then the user is authorized to do that action\u003c/p\u003e\n\u003cp\u003eEx In a retail store A Clerk can do_checkout, make_store_announcements but a Manager can do_checkout, make_store_announcements and view_financial_record \u003c/p\u003e\n\u003cp\u003eFine Granual Control\u003c/p\u003e\n\u003cbr/\u003e\n\u003cli\u003e\u003ch3 align=\"center\"\u003e\u003cstrong\u003eROLES\u003c/strong\u003e\u003c/h3\u003e\u003c/li\u003e\n\u003cp\u003eRoles are a group of authorities/permissions that are assigned toghether i.e ROLE_MANAGER will have do_checkout, make_store_announcements and view_financial_record and ROLE_CLERK will have do_checkout, make_store_announcements\u003c/p\u003e\n\u003cp\u003eIt makes easier to group permission and assign them to the user to be consistent \u003c/p\u003e\n\u003cp\u003eCoarse Grained\u003c/p\u003e\n\n\u003chr/\u003e\n\u003ch2 align=\"center\"\u003e\u003cstrong\u003eHow Spring Authentication Works?\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eSpring Security is basically an filter which block each request coming into the application and then process on it\u003c/p\u003e\n\u003cp\u003eSpring Security is applied on the entire application and not on a particular part/URL\u003c/p\u003e\n\n![Authetication](Img/AuthenticationSpring.png)\n\n\u003cp\u003eIn Spring Security when the authentication is successfull the authentication return Information about the logged in user\u003c/p\u003e\n\u003cp\u003eIt Keeps Track of the both input(User credentials) and output(verified or not) using the object of Type AUTHENTICATION it is an internal spring security interface  \u003c/p\u003e\n\u003cp\u003eThe Authentication objects the credentials before authentication and then the PRINCIPAL(Verified User Information) after authentication\u003c/p\u003e\n\u003chr/\u003e\n\n![Authentication1](Img/AuthenticationSpring1.png)\n\n\u003cp\u003eAuthentication Provider Is Responsible for doing the actual Authentication it is an interface having the method authenticate.\u003c/p\u003e\n\u003cp\u003eWe need to have implementation of this interface in our application and inform Spring Security\u003c/p\u003e\n\u003cp\u003eUser Enters his username and password, Spring Security puts this into the AUTHENTICATION object it goes to the implementation of the Authentication Provider and calls the authenticate method. If the credentials are right it then return the information about the currently logged in user in the Same AUTHENTICATION object\u003c/p\u003e\n\u003chr/\u003e\n\n![Authentication2](Img/AuthenticationSpring2.png)\n\n\u003cp\u003eEach Application have more than 1 way to authenticate users. For ex UserName and Password based, OAuth based or LDAP based. \u003c/p\u003e\n\u003cp\u003eTherefore there can multiple Authentication Provider in an application.\u003c/p\u003e\n\u003cp\u003eTo Coordinate Between all of these Authentication Provider there is a PROVIDERMANAGER\u003c/p\u003e\n\n\u003chr/\u003e\n\n![Authentication3](Img/AuthenticationSpring3.png)\n\n\u003cp\u003eThe ProviderManager asks all the AuthenticationProvider for the authentication type they support. To Achieve this Each authentication providers has a additional method Called Support().\u003c/p\u003e\n \u003cp\u003eThis is the method which is called by Provider Manager. Therefore each authentication provider has a Supports method.\u003c/p\u003e\n\n\u003chr/\u003e\n\n![Authentication4](Img/AuthenticationSpring4.png)\n\u003cp\u003eFor the Authentication provider to do the job the Provider needs to have access to the db where the userdetails are stored and retrieve it and verify it \u003c/p\u003e\n\u003cp\u003eTo Retrieve the UserInformation is Abstracted By Spring Security Into A class called by UserDetailsService which has a method loadUserByUserName which gives the User as an object\u003c/p\u003e\n\n\u003chr/\u003e\n\u003ch3 align=\"center\"\u003eThe Final Authentication Picture\u003c/h3\u003e\n\n![AuthenticaionFinal](Img/AuthenticaionFinal.png)\n\n\n\u003chr/\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgunjankadu%2Fspring-security-boilerplate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgunjankadu%2Fspring-security-boilerplate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgunjankadu%2Fspring-security-boilerplate/lists"}